Join 6,000+ Laravel Developers on February 7, 2018 for Laracon Online. Get your tickets today!
New Blade Directives Coming to Laravel 5.6
Laravel 5.6 / December 13, 2017

New Blade Directives Coming to Laravel 5.6

Laravel 5.6 will include two new form blade directives for cross-site request forgery (CSRF) and HTTP method input, thanks to Taylor Otwell.

In Laravel 5.5 you do the following at the top of forms to create hidden inputs for the CSRF token and the spoofed HTTP method:

<form>
  {{ csrf_field() }}
  {{ method_field('PUT') }}
  <!-- ... -->
</form>

Starting in Laravel 5.6 you can do the following instead:

<form>
  @method('put')
  @csrf
  <!-- ... -->
</form>

Laravel makes it easy to protect your site against CSRF attacks without any work on your part. However, if you want to submit a form successfully you must include a CSRF token input to verify that the form submission came from the application and not from another site.

Secondly, since HTML forms can’t make PUT, PATCH, or DELETE requests you need to add a hidden _method input to spoof these HTTP verbs. Laravel uses the _method input to route the request to the appropriate controller action correctly.

These directives will be out with Laravel 5.6 when it ships next year! Here’s the commit if you want to see the source code related to this feature.

I feel like the new directives are more instinctive and more natural to remember, however, the helper functions are still available for use if you prefer.

This appeared first on Laravel News
Laravel News Partners

Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.